Sudoers Typical Example

tronayne · 11-30-2012, 10:19 AM

I've never used sudo (I've always used su -) and now have to set it so users can use MySQL Workbench (it seems pretty Ubuntu-heavy).

Anyway, reading the manual page has left me... well, confused-ish.

Is there a simple example of what goes in that file that's functionally equivalent to su -? Don't wanna be an expert, just want to use for this one purpose.

Thanks.

malekmustaq · 11-30-2012, 10:53 AM

Quote:

Is there a simple example of what goes in that file that's functionally equivalent to su -? Don't wanna be an expert, just want to use for this one purpose.

I think (I could be wrong though) to achieve your purpose 'su' can be enough: sudo is not necessary. Just create one $USER that has this and that powers to attain your end, then let other users su into that ID to perform the needed task. Sudo is too much.

Assumed that you have /etc/sudoers file because it is ubuntu. Edit this to fix some sudo user.

linosaurusroot · 11-30-2012, 10:55 AM

http://www.linuxquestions.org/questi...do-4175438403/

So to allow a root shell you could provide "/bin/sh" or "/bin/su -" as commands.

To allow specific commands that do not allow a root shell you need to be very selective about what you allow (for instance most commands that write files once you've enabled them to write files as root have potential for changing security-related configuration).

GazL · 11-30-2012, 11:20 AM

Yes, it left me feeling that way too. I can't help but think the guy who wrote that man-page was more interested in showing us how clever he was rather than communicating how to actually use the damn thing.

Anyway, it's a little more complicated than this, but the basics can be summarised as:
who where=(as) options what

who can run what command(s) as which user(s), on where

'who', 'where' and 'as' and even 'what' can be specified as 'ALL' meaning any user, any host, any command etc.

e.g.
gazl ALL=(build) NOPASSWD: /home/build/kernel.SlackBuild

User gazl can run /home/build/kernel.SlackBuild as user 'build' on any host(*) without specifying a password.

Rather than read the man-page, you're better off just looking at the examples in the suders file itself, then come back and re-read the man page once you've got the basics down.

(*) sudo is not network aware, it simply allows you to share one sudoers rule file across your network and have certain rules apply to certain hosts.

tronayne · 11-30-2012, 02:00 PM

OK, so I added

Code:

trona ALL=(ALL) ALL

with visudoers. That appears to let "me" do stuff.

That solved one problem with getting MySQL Workbench going (it doesn't say that I'm not in "sudoers" any more anyway) but I can't start the "database server instance" for some reason or other; that's going to take some digging in the MySQL Workbench documentation, methinks.

Oh, well.

Thanks for your input.